POPI (Protection of Personal Information) Policy
The relationship of MacRobert with its clients, employees and partners is based on mutual integrity and trust and it is therefore committed to maintaining this trust by protecting the privacy of personal information and data disclosed and received from any data subject or data owner at all times and to the best of its ability.
The Management of MacRobert subscribes to the goals and principles of data privacy and information security in line with relevant legislation and its business strategy and objectives. Data privacy and information security is an integral component of the information management structure of MacRobert.
MacRobert has an obligation to ensure appropriate security of all Information Technology (IT) systems (data, equipment and processes) and personal information that it owns and/or controls on behalf of other responsible parties.
The need for data privacy and information security is driven by the following:
- Legal, statutory, regulatory and contractual obligations;
- Risk assessment; and
- Operational principles, objectives and requirements for information systems that MacRobert has defined or developed.
This applies to:
- Any joint ventures, and/or other business organisations that are owned or controlled by MacRobert who receive or process personal information for, or on behalf of the Company;
- The employees and independent contractors of the Company;
- Third-party agreements; and
- Personal information of external data subjects and data owners processed and/or stored by the Company.
The MacRobert POPI policy also includes the domains and frameworks of Logical security, Physical security, Managerial security. Against the background of the aforementioned, it is therefore the focused intent of MacRobert to incorporate all the applicable principles and regulations in this policy and to monitor and enforce compliance to its prescriptions by way of establishing the necessary mandated management, reporting and disciplinary structures to facilitate these outcomes.
Related legislation, principles, standards, policies and agreements
- Protection of Personal Information Act No. 4 of 2013;
- Promotion of Access to Information Act 2000;
- Companies Act No. 7 of 2008;
- King III Code of Governance Principles;
- Generally Accepted Privacy Principles (GAPP)
- ISO/SANS 27002:2008;
- Company Business Continuation and Disaster Recovery Plan;
- Company Personnel Policy and Disciplinary Code;
- Company E-mail Policy and Procedures;
- Company Acceptable Use Policy and Procedures;
- Company Remote Working Facilities and Mobile Device Policy;
- Company Media Policy;
- Company Password Policy;
- Company Confidentiality Agreements: Employees, Third Parties and Contractors;
- Company Protection of Personal Information Agreements: Employees, Third Parties and Contractors;
- Company Non-Disclosure Agreements;
- Company Third-Party Service and Service Level Agreements; and
- Company Data Classification Policy.
Information Officer: Mr A Dormehl – General Manager
Private Bag x18
1062 Jan Shoba Street
Telephone and email
Telephone: +27 (12) 425 3400